nigger/lixonet-ee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
lixonet-ee/README.md
sump pump 6ef8f6fa3a Update README.md, bird/bird.conf.tmpl files
2020-05-21 23:45:25 +00:00

133 lines
7.4 KiB
Markdown
Raw Blame History

# Lixonet Enterprise Edition (LIXONET 3)
This is the semi-official, testing Lixonet EE repository.
Custom configurations should be supplied in a `lixonet.conf` file in the `name=value` format, such as your subnet. Additionally, a tinc keypair is also be required.
**Generating keypairs for tinc (`tinc.key`)**:
Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html
Run: `tincd -n lixonet -K`
# Configuration options
#### Location
A `lixonet.conf` file should be under each **network** directory you'd like to create. Create one directory for each mesh you'll be joining, under `/etc/lixonet`. If you want to join the `teamlixo` mesh for example, do this:
1. Create `/etc/lixonet/teamlixo/lixonet.conf` and specify at least all **required** options in this file.
2. Create or save `/etc/lixonet/teamlixo/tinc.key`
#### Available networks
Official networks:
| Name | Git clone URL(s) | Subnet | ASN format | Administsration |
| ------ | ------ | ------ | ------ | ------ |
| teamlixo | http://git.team.lixo/lixonet/teamlixo.mesh.git | 172.31.0.0/16 | 4206969XXXX | Manevolent, Nurd |
| colorado | http://git.team.lixo/lixonet/colorado.mesh.git | 172.29.0.0/16 | 4206970XXXX | Manevolent |
#### Format
All options are supplied in the `name=value` format on individual lines, i.e. `name=test_name_lixo`
## Required options
You **MUST** specify these options, or Lixonet will not work.
* `git` - The Git clone repository URL, used for peer configurations.
* `tinc_peer_name` - The global neighbor name. Tinc and Bird use this to identify a peer in the network, and to exclude your own pre-packed config automagically from Tinc and BIRD dialing out so you don't connect to yourself over and over again.
* `tinc_peer_address` - The *router* address to use. This is your Lixonet routing layer address: 172.xxx.0.xxx
* `network_address` - The *network* address to use. This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: `0.0` -- it _MUST_ end with zeros corresponding to the network size)
* `bgp_asn` - The BGP ASN to use. We usually follow the format `4206969XXX` where _XXX_ is the last octet of your `address`, zero-padded (i.e. 008 or 212)
#### Configuration example
A copy of the live configuration (`/etc/lixonet/teamlixo/lixonet.conf`) used by `denco_mane_lixo`:
```
git=http://git.team.lixo/lixonet/teamlixo.mesh.git
tinc_peer_name=denco_mane_lixo
tinc_peer_address=172.31.0.8
tinc_bind_address=172.31.8.2
bgp_asn=4206969008
bgp_routes=172.31.8.0/21,172.31.254.0/24
network_address=172.31.0.0
netmask=255.255.255.0
```
(A key exists at `/etc/lixonet/teamlixo/tinc.key`)
`cat /etc/network/interfaces`:
```
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
hostname lixonet
```
`ifconfig eth0`:
```
lixonet:/home/manevolent# ifconfig eth0
eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:172.31.8.2 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:313268 errors:0 dropped:0 overruns:0 frame:0
TX packets:266835 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:223824994 (213.4 MiB) TX bytes:145971829 (139.2 MiB)
```
`docker ps -a | grep teamlixo` (built by `./build.sh`):
```
646e3b6b5456 teamlixo_tinc "sh -c '/usr/sbin/ti…" 17 minutes ago Up 15 minutes teamlixo_tinc_1
84fda16f829b teamlixo_bird "/bin/sh -c 'bird -c…" 17 minutes ago Up 9 minutes teamlixo_bird_1
```
## Non-required options:
#### General network options
* `global_prefix`: global network prefix: defaults to `16`.
* `router_prefix`: router network prefix: defaults to `24`. If you change this you _SHOULD_ change `netmask` too.
* `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix`
#### Tinc options
* `network_name` - The name of the interface that Tinc should create when it's started. Defaults to `lixonet`. Set this for multiple networks.
* `tinc_bind_address` - The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1). This is _not_ the Lixonet router IP (i.e. 172.31.0.8). Use this if you have an `eth1` that you _don't_ want to use for binding tinc to, and would prefer to bind tinc exclusivley to `eth0` instead.
* `tinc_connect_to` - A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`). If not supplied, this is automatically set to all core routers that aren't yourself (`name`).
#### BGP options
For options we expose here, for information see: https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3
* `bgp_path_metric`: Enable comparison of path lengths when deciding which BGP route is the best one (`0` or `1`): defaults to `1`
* `bgp_aigp`: BGP AIGP state (`enable`, `disable`, or `originate`): defaults to `originate` (see BIRD documentation)
* `bgp_rpki_retry`: If RPKI cache data cannot be obtained, the time period in seconds between a failed query the next attempt. Defaults to `90`.
* `bgp_rpki_refresh`: How long to wait in seconds before attempting to poll RPKI cache data after the last successful poll. Defaults to `900`.
* `bgp_rpki_expire`: How long to keep any records locally cached before they are deleted. Defaults to `172800` (2 days).
* `bgp_rpki_known_hosts`: The file path for the SSH key `known_hosts` file to use when validating remote RPKI hosts. Defaults to `/etc/bird/rpki/known_hosts` (provided by Lixonet; don't change this unless you need to!).
* `bgp_passwd_*`: The password for a specific BGP peer (i.e. `bgp_passwd_denco_mane_lixo`). If not specified, no password is used for the host.
* `bgp_routes`: A comma-delimited list of routes to advertise over BGP. If not specified, no routes are propagated.
# Setup
#### Prerequisites:
1. `docker` and `docker-compose` (Alpine: community repository; https://docs.genesys.com/Documentation/System/8.5.x/DDG/InstallationofDockeronAlpineLinux), `git`, and `curl` are installed (Alpine: `apk add`). You may also want to make docker run at boot: `rc-update add docker boot`.
2. `eth0` is the **LAN** or **WAN** interface supporting external routing, DNS, etc., and is the **bridged** interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/21) through it. You may also have an `eth1` (and so on, so forth) that you statically configure for your entire, wide subnet (i.e. x.x.0.0/21) if you want to use two physical adapters.
4. `tun` and `tap` are in `/etc/modules` to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards.
5. `sigil` is installed (`curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.5.0/sigil_0.5.0_$(uname -sm|tr ' ' '_').tgz" | tar -zxC /usr/local/bin`)
6. IPv4 forwarding is on: `sysctl -w net.ipv4.ip_forward=1` and `iptables -P FORWARD ACCEPT` are run (and persisted) to allow IP forwarding. To persist these changes, see: https://wiki.alpinelinux.org/wiki/Configure_Networking, refer to "Save Firewall Rules".
#### Install:
1. Clone this repository: `git clone`
2. `mkdir /etc/lixonet/(mesh)/`
3. Fill out `/etc/lixonet/(mesh)lixonet.conf` (see: **Configuration options**)
4. Supply `/etc/lixonet/(mesh)/tinc.key`
5. Run `chmod +x build.sh && ./build.sh` to deploy the stack on Docker.
Reference in New Issue View Git Blame Copy Permalink